Skip to main content

Apple CVE-2026-28825

| EUVDEUVD-2026-15093 HIGH
Out-of-bounds Write (CWE-787)
2026-03-25 apple GHSA-v2rp-wxm3-8hxp
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

7
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
Severity Changed
Apr 27, 2026 - 14:22 NVD
MEDIUM HIGH
CVSS changed
Apr 27, 2026 - 14:22 NVD
5.5 (MEDIUM) 7.1 (HIGH)
Patch available
Apr 16, 2026 - 05:29 EUVD
14.8.5,15.7.5,26.4
EUVD ID Assigned
Mar 25, 2026 - 01:00 euvd
EUVD-2026-15093
Analysis Generated
Mar 25, 2026 - 01:00 vuln.today
CVE Published
Mar 25, 2026 - 00:35 nvd
MEDIUM 5.5

DescriptionCVE.org

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.

AnalysisAI

Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.

Technical ContextAI

This vulnerability is classified as a buffer overflow or out-of-bounds write issue (related to CWE categories concerning memory safety) affecting Apple's macOS operating system across multiple major versions. The affected products span macOS Sequoia (15.x), macOS Sonoma (14.x), and macOS Tahoe (26.x) as indicated by CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. The root cause involves inadequate bounds checking in code that interacts with the file system, allowing an application with access to certain APIs to write beyond allocated buffer boundaries and corrupt protected file system regions. This type of memory safety issue typically enables attackers to escape application sandboxing or overwrite critical system structures.

RemediationAI

Immediately upgrade affected macOS systems to the patched versions: macOS Sequoia 15.7.5 or later, macOS Sonoma 14.8.5 or later, or macOS Tahoe 26.4 or later. Consult Apple's security advisories at https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796 for detailed patching instructions. Until patching can be completed, restrict execution of untrusted applications through Gatekeeper enforcement and Security & Privacy settings, monitor file system access logs for unusual write activity to protected directories, and maintain current backups of critical system files.

Share

CVE-2026-28825 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy